Microsoft offers up to $20,000 to identify security vulnerabilities in Xbox Live

When it comes to securing complex products, companies are increasingly turning to bug bounty programs to invite members of the public to find security vulnerabilities. Google’s bug bounty program handed out $6.5 million last year, and Apple recently expanded its program to cover macOS bugs as well as iOS bugs.

Now Microsoft is expanding its own bug bounty program from covering software like its Office suite and its Edge browser to also covering the Xbox Live network and services. The company will pay out rewards to anyone who can find and reproduce a security vulnerability in the Xbox Live system.

As announced in a Microsoft Security Response Center blog post, “The Xbox bounty program invites gamers, security researchers, and technologists around the world to help identify security vulnerabilities in the Xbox network and services, and share them with the Microsoft Xbox team through Coordinated Vulnerability Disclosure (CVD). Eligible submissions with a clear and concise proof of concept (POC) are eligible for awards up to US$20,000.”

CVD is a policy in which researchers agree to disclose any vulnerabilities they find to the creators of the software (in this case, Microsoft) and allow the creators to manage further disclosure. Essentially, participants in the bug bounty program agree that they will turn over information about vulnerabilities to Microsoft and let Microsoft handle the closing of security loopholes and announcements to the public.

To register for the program, users must have an Xbox network account, and Microsoft recommends that they have access to an Xbox with an Xbox Game Pass or Xbox Gold as well. Once a user has identified a security vulnerability that can be reproduced in the latest, patched version of Xbox Live, they must report it in either written or video format.

Bounties range from $1,000 for a low-quality report of a vulnerability that allows tampering all the way up to $20,000 for a high-quality report of a critical vulnerability that enables remote code execution.

Denial of Service attacks are not part of the program and are prohibited, as are automated attacks that generate significant traffic. Social engineering attacks such as phishing are also not allowed.

More details about the bug bounty program are available on the Microsoft website.

Georgina Torbet